so we could change it very easy, but in file lang.inc which is added
earlier in basilix.php3 there is a function which checks the RequestID
variable so we can not pass for example request_id[BLAH]=/etc/passwd.
But there is one hole in it and we can pass
request_id[DUMMY]=whatever_we_want and it will not fail. In effect
attacker can read any file in system ( if she/he has permission ) and
can 'execute' php files.